dingtalk-feishu-cn

v1.0.0

DingTalk/Feishu integration - enterprise messaging, bots, automated workflows (the Chinese counterpart of Slack)

by Guohongbin (@guohongbin-git)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name and description claim DingTalk and Feishu integration, which matches the content of SKILL.md (webhooks, SDK examples). However, SKILL.md uses placeholders such as APP_KEY, APP_SECRET, APP_ID and webhook tokens, while the skill metadata declares no required environment variables and no primary credential. The quick-start also references local scripts (./scripts/dingtalk-notify.sh, ./scripts/feishu-notify.sh) that are not present in the package. The undeclared secrets and the missing scripts are an incoherence between the stated purpose and the actual package contents.

Instruction Scope
Runtime instructions tell the agent to send curl requests to webhook endpoints and to install and instantiate SDK clients using APP_KEY/APP_SECRET variables. They also show running local scripts that do not exist in the bundle. While the instructions do not explicitly exfiltrate data or call unexpected external endpoints, they implicitly require secret tokens and local scripts that are not provided, leaving it unclear where secrets should be stored and what the scripts would do if run.
Install Mechanism
There is no install spec and no code files besides SKILL.md and package.json, so nothing will be downloaded or executed by the platform installer. This is the lowest-risk install mechanism for a skill.
Credentials
The skill clearly needs service credentials (webhook tokens, APP_KEY/APP_SECRET, APP_ID) to function, but requires.env and the primary credential are empty. That mismatch makes it unclear how the skill expects to receive secrets and increases the risk that users supply credentials in insecure ways. The package.json author is pseudonymous ('money-maker-ai') and there is no homepage or source URL with which to validate authorship.
Persistence & Privilege
The skill does not request always: true, does not declare config path access, and does not modify other skills. Autonomous invocation is allowed (the platform default) but there are no additional persistence or elevated privileges requested.
What to consider before installing
This skill's instructions show it needs webhook URLs and API keys (APP_KEY, APP_SECRET, APP_ID) and refer to local scripts, but the package metadata does not declare any required credentials and the referenced scripts are missing. Before installing:

1) Do not supply organization credentials or tokens until the author documents exactly which env vars are required and how they are used.
2) Ask the publisher for the missing ./scripts files or for concrete examples showing where secrets should be stored (and insist on secure storage).
3) Prefer skills with a homepage, source repository, or a known publisher; 'money-maker-ai' with no homepage is a weak provenance signal.
4) If you do test it, use throwaway test accounts/webhooks rather than production credentials.
5) If the agent will run autonomously with credentials, treat that as higher risk; only enable it if you trust the author and have verified the code.

These inconsistencies are explainable (incomplete packaging), but they warrant caution, so treat the skill as suspicious until the author addresses them.



Runtime requirements: Clawdis